Security audit

Xiaohongshu to Obsidian (小红书转Obsidian)

Security checks across malware telemetry and agentic risk

Overview

This skill does what it claims, but it handles Xiaohongshu login cookies in ways that could expose an account session.

Review this carefully before installing. Use only a low-risk Xiaohongshu account, treat ~/.openclaw/xhs-cookies.json like a password, delete or rotate it after use, and avoid running the extractor on untrusted links unless the script is patched to enforce the Xiaohongshu hostname and keep normal HTTPS certificate verification enabled.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Lp3

Severity: Medium
Category: MCP Least Privilege
Confidence: 84%
Finding
The skill invokes Python and shell scripts, performs network-backed extraction, and writes notes/files locally, yet declares no permissions or trust boundaries. This creates an authorization and transparency gap: an agent may run file, shell, and network actions without the user being clearly informed or a policy layer constraining them.

Context-Inappropriate Capability

Severity: Medium
Confidence: 95%
Finding
The instructions tell the user to export and persist full authenticated Xiaohongshu session cookies to a local JSON file. Session cookies are effectively bearer credentials; storing the full set unencrypted and for 30 days is broader than needed for note extraction and could enable account takeover or unauthorized access if the file is exposed.

Missing User Warnings

Severity: High
Confidence: 97%
Finding
The skill instructs users to export account cookies but does not clearly warn that these are sensitive authentication credentials equivalent to login tokens. In this context, that omission is especially dangerous because the provided script captures the active session and saves it locally, normalizing unsafe handling of secrets and increasing the likelihood of credential leakage.

Missing User Warnings

Severity: High
Confidence: 99%
Finding
The script disables TLS hostname and certificate verification before fetching a page while sending authentication cookies. This allows a man-in-the-middle attacker or hostile network environment to intercept or modify traffic, potentially stealing session cookies and altering fetched content. The skill context makes this more dangerous because it handles authenticated scraping using browser-exported cookies.

VirusTotal

47/47 vendors flagged this skill as clean.